Getting Data In

Discussions

Thread Info

How to use Splunk's REST API or JavaScript SDK to connect directly to Splunk within a browser?

We are looking to build a standalone Chrome application (in JavaScript) using Splunk's RESTful API to the management ...

by Explorer in

How to connect a Search Head to an Indexer via Proxy Server?

Hi all. I want to connect a Search Head to an Indexer via Proxy Server like so: Search Head <===> Proxy Server <=...

by Communicator in

Why is my Linux forwarder not sending data to a Windows Splunk server with my current configuration?

inputs.conf [default] host = linux_fowarder_server [monitor:///var/log/secure] disabled = false outpu...

by New Member in

Pros and Cons for Multiple Splunk Indexers

Our present architecture now is single indexer, and multiple universal forwarders; However, it's getting slower when ...

by New Member in

Why am I unable to view logs after a Splunk restart?

So I recently hit the threshold error message. It said something like "Disk space 5000MB reached. Indexing paused". I...

by New Member in

Return binary data (such as images) via REST API or otherwise

I'm trying to make some custom extensions to our application, with some additional html divs displaying images. The a...

by Builder in

After installing the universal forwarder on 30+ Windows hosts, why am I only getting Windows event logs from 2 of them?

Hello, I'm new to Splunk and hope someone can point me in the right direction. I installed Splunk Enterprise on a...

by Explorer in

Parsing Time error while monitoring CSV file

Dear SPLUNK Community, I need some help for parsing output time field correctly. I am monitoring the csv file on U...

by Communicator in

Why am I unable to monitor files from a Windows universal forwarder using patterns?

Hello, I have a Windows universal forwarder from which I am unable to monitor some files. I have a directory s...

by New Member in

How to post data to Splunk from installed Python app using REST API without using auth credentials?

I am developing an app for Splunk in Python. I want to add some CSV data to Splunk through this app. I don't have aut...

by New Member in

Universal Forwarder version for SunOS 5.1

Hello Splunkers. Do you guys know wich Splunk Universal Forwarder version I should use on the following machine: ...

by Communicator in

Queries not giving exact result

Hi, My queries is something like given below - index=abc sourcetype=xyz ERROR | rename ERROR as "Error message"...

by Communicator in

Is there a way to collect usage metrics for my Splunk App?

Hey, I'm pretty new to Splunk so sorry if anything I say is wildly off base, but I'm curious if there's a way to ...

by New Member in

Why am I seeing inconsistent behavior with BREAK_ONLY_BEFORE with my sourcetype configuration?

I have a sourcetype of j_out that breaks the lines properly for jboss java log file. The event breaks here: 60...

by Builder in

Remote Eventlog with wmi generates high CPU

Hi there, I know that the best practice for high usage systems is a Splunk Forwarder but due to easy management my...

by Path Finder in

help with regular expression to extract first and last names in csv

Hi. I have a csv file that looks like: 123,"firstname secondname","firstlast secondlast", 124,firstname secondname...

by Builder in

Indexing logs in /var/log

Ok I have been trying to get /var/log/messages and /var/log/cron to be indexed as the "splunk" user for a while and I...

by Builder in

How to monitor data coming in from a serial port (serial to a USB adapter)?

I want to monitor data coming in from a serial port (actually a serial to USB adapter). Has anyone done this? Lon...

by Engager in

Override source field in the indexers

I have configured heavy weight forwarders to get the JMX server data. While forwarding the data to indexers, source f...

by Path Finder in

How do I get my CSV inputlookup search to return a certain field?

I have searched through the knowledge base and have tried a number of things to fix my issue. I have not found my ans...

by New Member in

How might I slice/filter data by dynamically changing host "groupings"?

I have ~10,000 hosts each generating around 100,000 events of ~100 bytes each day. I ingest all of these events, batc...

by Path Finder in

What is the proper syntax for my forwarder inputs.conf stanza to monitor specific files based on a string in the filename?

Hi I am trying to monitor specific files from one directory based on a string in the filename. Example files: ...

by New Member in

XML tag extraction

I have a datasource that reads in events in XML format. Could someone please help me build a props.conf that will ext...

by Path Finder in

Are events from a particular source not getting indexed every night from 8pm to 12am, but events show up 24 hour later?

Events from a particular source do not get indexed every night from 8pm to 12am. However 24 hours later the events sh...

by Explorer in

How to collect Microsoft Web Application Proxy logs from a remote host?

Hi, I want to collect Microsoft Web Application Proxy logs from a remote host. I tried with WMI, but in the Splun...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to use Splunk's REST API or JavaScript SDK to connect directly to Splunk within a browser?

How to connect a Search Head to an Indexer via Proxy Server?

Why is my Linux forwarder not sending data to a Windows Splunk server with my current configuration?

Pros and Cons for Multiple Splunk Indexers

Why am I unable to view logs after a Splunk restart?

Return binary data (such as images) via REST API or otherwise

After installing the universal forwarder on 30+ Windows hosts, why am I only getting Windows event logs from 2 of them?

Parsing Time error while monitoring CSV file

Why am I unable to monitor files from a Windows universal forwarder using patterns?

How to post data to Splunk from installed Python app using REST API without using auth credentials?

Universal Forwarder version for SunOS 5.1

Queries not giving exact result

Is there a way to collect usage metrics for my Splunk App?

Why am I seeing inconsistent behavior with BREAK_ONLY_BEFORE with my sourcetype configuration?

Remote Eventlog with wmi generates high CPU

help with regular expression to extract first and last names in csv

Indexing logs in /var/log

How to monitor data coming in from a serial port (serial to a USB adapter)?

Override source field in the indexers

How do I get my CSV inputlookup search to return a certain field?

How might I slice/filter data by dynamically changing host "groupings"?

What is the proper syntax for my forwarder inputs.conf stanza to monitor specific files based on a string in the filename?

XML tag extraction

Are events from a particular source not getting indexed every night from 8pm to 12am, but events show up 24 hour later?

How to collect Microsoft Web Application Proxy logs from a remote host?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

DNS logs - INFO [:12345] Script exceeded maximum r...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions